ubuntu / authd

Authentication daemon for external Brokers
GNU Lesser General Public License v3.0

Logging in over SSH with a different user exposes the username #478

Closed jibel closed 2 weeks ago

jibel commented 3 weeks ago

authd_msentraid: 0.x/edge: 0.1 2024-08-20 (32)

Test Case

  1. Configure allowed_suffix in authd
  2. SSH with a random user
  3. On the external device, authenticate with a valid user

Expected result

Login is denied

Actual result

The identity of the valid user is revealed in the logs:

image

denisonbarbosa commented 2 weeks ago

This was fixed by authd-oidc-brokers#115.

The error returned is now "authentication failure: could not fetch user info", and the full descriptive error is printed to the system journal if the broker is in DEBUG mode.
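An added example, not code from authd or authd-oidc-brokers, of the behaviour described in the comment above: the client gets one fixed message, and the descriptive error that names the account goes to the journal only in debug mode. The `broker` type, `checkUser`, the mismatch check, the `@example.com` suffix and the use of a `log.Logger` in place of the system journal are all assumptions for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"log"
	"strings"
)

// errPublic is the generic message quoted in the comment above; it names no account.
var errPublic = errors.New("authentication failure: could not fetch user info")

// broker is a hypothetical stand-in, not authd's real type.
type broker struct {
	allowedSuffix string      // assumed meaning of allowed_suffix
	debug         bool        // true when the broker runs in DEBUG mode
	journal       *log.Logger // stands in for the system journal
}

// checkUser compares the name typed at the SSH prompt with the identity the
// provider returned after authentication on the external device.
func (b *broker) checkUser(requested, authenticated string) error {
	var detail error
	switch {
	case !strings.HasSuffix(authenticated, b.allowedSuffix):
		detail = fmt.Errorf("user %q does not match suffix %q", authenticated, b.allowedSuffix)
	case !strings.EqualFold(requested, authenticated):
		detail = fmt.Errorf("requested user %q, provider returned %q", requested, authenticated)
	default:
		return nil
	}
	// The descriptive error contains the valid username, so it stays in the
	// journal, and only when debugging is enabled.
	if b.debug {
		b.journal.Printf("DEBUG: %v", detail)
	}
	return errPublic // the only text that reaches the SSH client
}

func main() {
	var buf bytes.Buffer
	b := &broker{allowedSuffix: "@example.com", debug: true, journal: log.New(&buf, "", 0)}
	// Constructed sample input: SSH as one user, authenticate as another.
	err := b.checkUser("random@example.com", "alice@example.com")
	fmt.Println("client sees:", err)
	fmt.Print("journal:     ", buf.String())
}
```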